Practice-based discourse analysis of information security policies
Örebro University, Örebro University School of Business. (CERIS) ORCID iD: 0000-0002-3265-7627
Örebro University, Örebro University School of Business. (CERIS) ORCID iD: 0000-0003-2304-7170
Information Systems, Linköpings Universitet, Linköping, Sweden.
2017 (English) In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 67, p. 267-279. Article in journal (Refereed) Published
Abstract [en]

To address the “insider” threat to information and information systems, an information security policy is frequently recommended as an organisational measure. However, having a policy in place does not necessarily guarantee information security. Employees’ poor compliance with information security policies is a perennial problem for many organisations. It has been shown that approximately half of all security breaches caused by insiders are accidental, which means that one can question the usefulness of current information security policies. We therefore propose eight tentative quality criteria in order to support the formulation of information security policies that are practical from the employees’ perspective. These criteria have been developed using practice-based discourse analysis on three information security policy documents from a health care organisation.

Place, publisher, year, edition, pages
Elsevier, 2017. Vol. 67, p. 267-279
Keywords [en]
Information security policy, discourse analysis, communicative analysis, quality criteria, policy design
National Category
Information Systems, Social aspects
Research subject
Informatics
Identifiers
URN: urn:nbn:se:oru:diva-54720
DOI: 10.1016/j.cose.2016.12.012
ISI: 000401213200018
Scopus ID: 2-s2.0-85017641481
OAI: oai:DiVA.org:oru-54720
DiVA, id: diva2:1065795
Projects
SECURIT - Congruence
Funder
Swedish Civil Contingencies Agency, 2011-388
Available from: 2017-01-16 Created: 2017-01-16 Last updated: 2017-10-18 Bibliographically approved


Authority records

Karlsson, Fredrik; Hedström, Karin
